[EC-598] feat: add check for unsupported algorithms

libs/common/src/webauthn/services/fido2-authenticator.service.ts

@@ -1,5 +1,6 @@
 import { CipherService } from "../../vault/services/cipher.service";
 import {
+  Fido2AlgorithmIdentifier,
   Fido2AutenticatorError,
   Fido2AutenticatorErrorCode,
   Fido2AuthenticatorMakeCredentialsParams,
@@ -19,16 +20,36 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
   ) {}
 
   async makeCredential(params: Fido2AuthenticatorMakeCredentialsParams): Promise<void> {
-    const userConfirmation = await this.userInterface.confirmDuplicateCredential(
-      [Fido2Utils.bufferToString(params.excludeList[0].id)],
-      {
-        credentialName: params.rp.name,
-        userName: params.user.name,
-      }
+    const duplicateExists = await this.vaultContainsId(
+      params.excludeList.map((key) => Fido2Utils.bufferToString(key.id))
     );
 
-    if (!userConfirmation) {
-      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);
+    if (duplicateExists) {
+      const userConfirmation = await this.userInterface.confirmDuplicateCredential(
+        [Fido2Utils.bufferToString(params.excludeList[0].id)],
+        {
+          credentialName: params.rp.name,
+          userName: params.user.name,
+        }
+      );
+
+      if (!userConfirmation) {
+        throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_CREDENTIAL_EXCLUDED);
+      }
+    }
+
+    if (params.pubKeyCredParams.every((p) => p.alg !== Fido2AlgorithmIdentifier.ES256)) {
+      throw new Fido2AutenticatorError(Fido2AutenticatorErrorCode.CTAP2_ERR_UNSUPPORTED_ALGORITHM);
     }
   }
+
+  private async vaultContainsId(ids: string[]): Promise<boolean> {
+    for (const id of ids) {
+      if ((await this.cipherService.get(id)) != undefined) {
+        return true;
+      }
+    }
+
+    return false;
+  }
 }